Incidents

One story per event: coverage from every outlet, clustered by shared CVEs and signals.

incident open 2 articles

Cyberattack disrupts logistics at Japanese food company Nichirei

In mid‑July, a cyberattack targeted Nichirei, one of Japan’s largest frozen food producers, forcing the company to disconnect its IT systems and halting logistics and shipments. The attack disrupted the firm’s supply chain, affecting distribution of its products across the country.

Jul 17, 2026 Jul 17, 2026
malware open 9 articles

CISA adds KNX and Oracle E-Business Suite flaws to Known Exploited Vulnerabilities catalog

On 15 July 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-4346 affecting the KNX Association’s KNX Protocol Connection Authorization Option 1 and CVE-2026-46817 affecting Oracle’s E-Business Suite to its Known Exploited Vulnerabilities (KEV) catalogue, indicating ac

Jun 30, 2026 Jul 17, 2026
campaign open 2 articles

Scattered Spider members sentenced for 2024 Transport for London cyberattack

Two members of the Scattered Spider cybercrime group, Thalha Jubair and Owen Flowers, were sentenced in a UK court to 5.5 years imprisonment for their role in a 2024 cyberattack on Transport for London that caused approximately £29 million in losses.

Jul 16, 2026 Jul 16, 2026
vulnerability open 2 articles

ServiceNow AI platform sandbox escape flaw (CVE-2026-6875) patched

ServiceNow patched a critical sandbox escape vulnerability (CVE-2026-6875) in its AI platform that could allow unauthenticated remote code execution. Fortinet and Ivanti also released security updates for multiple flaws in their respective products.

Jul 14, 2026 Jul 15, 2026
vulnerability open 2 articles

Progress Software zero‑day flaw disrupts ShareFile service

Progress Software confirmed that a previously unknown zero‑day vulnerability in its ShareFile product caused an outage affecting Storage Zone Controller customers. The company has issued a patch and is restoring access for those who apply the fix.

Jul 13, 2026 Jul 15, 2026
malware open 2 articles

D1R ransomware group claims breach of Synopsys and Bosch

The ransomware group D1R posted on its Tor leak site that it had compromised Synopsys’ website and obtained a corporate client database, also claiming to have stolen data from Bosch, and threatened to release the information unless a ransom was paid.

Jul 14, 2026 Jul 14, 2026
incident open 2 articles

US sanctions VPN provider 1VPNS for aiding ransomware gangs

On July 13, the U.S. Treasury’s Office of Foreign Assets Control sanctioned the VPN provider 1VPNS and two individuals for allegedly facilitating ransomware attacks on critical infrastructure.

Jul 13, 2026 Jul 14, 2026
vulnerability open 5 articles

Bad Epoll Linux kernel flaw (CVE-2026-46242) allows local root escalation

A use‑after‑free vulnerability in the Linux kernel’s epoll implementation, tracked as CVE-2026-46242, was disclosed with public proof‑of‑concept exploit code that enables any unprivileged local user to gain root privileges on affected Linux and Android systems.

Jul 3, 2026 Jul 14, 2026
vulnerability open 2 articles

VMware Avi Load Balancer authentication bypass flaw (CVE-2026-47865) patched

Broadcom released patches for seven vulnerabilities in VMware Avi Load Balancer, including a critical authentication bypass (CVE-2026-47865) with a CVSS score of 9.8. The flaws could be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

Jul 14, 2026 Jul 14, 2026
malware open 2 articles

CrashStealer macOS infostealer steals credentials and cryptocurrency wallets

CrashStealer is a newly discovered macOS infostealer identified by Jamf Threat Labs in early May It uses a signed application to bypass Gatekeeper, harvesting passwords, cryptocurrency wallets and other sensitive data before encrypting the stolen information with AES.

Jul 14, 2026 Jul 14, 2026
vulnerability open 2 articles

SAP patches critical memory corruption flaw in NetWeaver (CVE-2026-44747)

SAP released security patches for its NetWeaver platform addressing multiple memory corruption vulnerabilities, including a critical flaw (CVE-2026-44747) that could allow attackers to read, modify data and cause denial of service.

Jul 14, 2026 Jul 14, 2026
campaign open 2 articles

Roundcube Webmail flaws exploited to target university physics departments

Threat actor UNK_MassTraction, believed to be China‑aligned, has been exploiting vulnerabilities in Roundcube webmail (CVE‑2024‑42009 and CVE‑2025‑49113) to infiltrate university physics departments in the United States and Canada.

Jul 7, 2026 Jul 13, 2026
malware open 7 articles

GigaWiper malware blends espionage backdoor with destructive wiper

Microsoft warned about GigaWiper, a modular Go-based backdoor for Windows that combines espionage and data-wiping capabilities. The malware has been observed in intrusions since at least 2024, allowing attackers remote access and destructive wiping of disks.

Jul 9, 2026 Jul 13, 2026
campaign open 2 articles

CISA contractor leaks AWS GovCloud keys on GitHub for six months

A contractor for the Cybersecurity and Infrastructure Security Agency posted dozens of internal credentials, including AWS GovCloud access keys, to a public GitHub repository where they remained exposed for approximately six months.

Jul 10, 2026 Jul 13, 2026
malware open 4 articles

China-linked APT UAT-7810 expands router malware network

Chinese-linked threat actor UAT-7810 is expanding its Operational Relay Box (ORB) network by deploying new malware families such as LongLeash, DogLeash and JarLeash on SOHO routers from vendors like Ruckus and ASUS.

Jul 8, 2026 Jul 13, 2026
vulnerability open 2 articles

Zimbra patches critical stored XSS vulnerability in Classic Web Client

A stored cross-site scripting (XSS) vulnerability was discovered in Zimbra's Classic Web Client, allowing attackers to execute arbitrary code when a malicious email is opened. The flaw could lead to account takeover without user interaction. Zimbra has released version 10.1.19 to patch the issue.

Jul 10, 2026 Jul 13, 2026
malware open 2 articles

CMS Exploitation Campaign Deploys Webshells on Australian SMB Websites

Australian cyber authorities have issued an alert about a large‑scale exploitation campaign that targets vulnerabilities in popular content management systems such as WordPress and Joomla to install webshells on compromised sites.

Jul 13, 2026 Jul 13, 2026
campaign open 5 articles

Former ransomware negotiator sentenced to 70 months for aiding BlackCat

Angelo Martino, a former ransomware negotiator, was sentenced to 70 months in prison after pleading guilty to conspiring with the BlackCat/Alphv ransomware group to extort victims. The court found that he used his insider knowledge to assist the gang while betraying his clients.

Jul 10, 2026 Jul 11, 2026
campaign open 2 articles

Gentlemen ransomware gang compromises 580 victims worldwide

The Gentlemen ransomware gang, operating under a ransomware‑as‑a‑service model, has infected approximately 580 organizations, with a focus on manufacturing firms. The group uses an affiliate network to distribute its malware and extort payments.

Jun 29, 2026 Jul 10, 2026
malware open 3 articles

HalluSquatting technique exploits AI hallucinations to deliver malware

Researchers have demonstrated a technique called HalluSquatting that manipulates large language models into hallucinating malicious code packages, which are then fetched and executed by unsuspecting users or AI agents, enabling the creation of hidden botnets.

Jul 8, 2026 Jul 10, 2026
vulnerability open 4 articles

Microsoft June 2026 Patch Tuesday addresses 208 vulnerabilities

Microsoft released its June 2026 Patch Tuesday updates, fixing a record 208 vulnerabilities, including 38 critical flaws and several actively exploited zero-days such as CVE-2026-47291 in HTTP.sys and CVE-2026-41091.

Jun 9, 2026 Jul 10, 2026
breach open 2 articles

Malware campaign spreads via fake Go packages on GitHub

Threat actors created hundreds of fake Go modules on GitHub, embedding loaders, stealers, RATs and cryptominers that were downloaded by developers and crypto‑currency users.

Jul 10, 2026 Jul 10, 2026
incident open 2 articles

Google Chrome 150 security update patches 27 vulnerabilities

On July 8, Google released a Chrome 150 update that addressed 27 security vulnerabilities, including two critical use‑after‑free flaws. The update is available for desktop versions of Chrome and users are advised to install it promptly. No active exploitation of the flaws has been reported.

Jul 9, 2026 Jul 10, 2026
malware open 2 articles

PamStealer macOS malware steals credentials via fake Maccy app

Security researchers identified a new macOS infostealer dubbed PamStealer that is distributed as a fake version of the Maccy clipboard manager. The malware, written in Rust, targets Apple Silicon Macs and harvests credentials from browsers, password managers and other sources.

Jul 2, 2026 Jul 10, 2026
breach open 2 articles

KDDI email system breach exposes millions of Japanese ISP users

Hackers exploited a zero‑day vulnerability in a third‑party system to gain unauthorized access to KDDI’s email platform serving multiple Japanese ISPs, compromising the personal data of roughly 12‑14 million users.

Jun 24, 2026 Jul 9, 2026